Zeus attack spotted on BlackBerry handsets

Trend Micro has reported that the Zeus Trojan has found its way onto the BlackBerry smartphone OS.

The security firm said that it had been expecting the BlackBerry platform to fall victim to some kind of attack, and that it first predicted an assault in 2006.

"The smartphone may have remained spared from malware attacks over the years although there have been recent news of a Zeus variant specifically targeting BlackBerry users," wrote Patrick Estavillo, a threat analyst at Trend Micro, in a blog post.

"Banking Trojans are evolving, and more sophisticated attacks involving smartphones are among the most recent developments."

Trend Micro has identified a Zeus variant dubbed BBOS_ZITMO.B which it said is using obfuscation techniques to avoid detection.

"Just like its desktop counterpart, this Zeus variant does not display any graphical user interface that can prompt users about the infection. Instead, it removes itself from the list of applications in order to effectively stay under the radar," explained Estavillo.

Once installed on a handset the malware sends a confirmation message to its administrator, which allows them to change message forwarding addresses and take control of phone commands.

Estavillo said that the malware could let an attacker send malicious messages to a handset, relay hidden text messages anonymously, block calls, remove blocks on other calls, add a new administrator and turn the phone on and off.

The BlackBerry operating system is not the only mobile software under attack, warned Estavillo, and variants targeting Symbian and Windows Mobile have also been spotted with similar traits to BBOS_ZITMO.B.

"Users are strongly advised to keep their mobile devices secure, and be cautious in installing applications and clicking links sent by unknown users, as they may lead to the download of malicious applications," he said

Trend Micro has awarded the threat a Low rating.